Associate General Counsel, Microsoft Cybercrime Center
On March 6, Microsoft anti-piracy teams around the world turn their attention to raising awareness of the issues surrounding software piracy. What started as a stand-alone day six years ago has evolved into a series of events and activities that bring together piracy experts, cyber-security analysts, IP advocates and law enforcement to educate consumers and businesses about the dangers of using pirated and counterfeit software.
Addressing software piracy is a critical issue for our shareholders, partners, employees and customers, because while counterfeit software may look like genuine software, it doesn’t work like genuine software.
In support of Microsoft’s Play It Safe campaign, Microsoft asked International Data Corporation (IDC) to investigate the consumer and enterprise experiences with software piracy. The results, compiled in a white paper sponsored by Microsoft,* were pretty eye-opening: IDC found that consumers and businesses who use pirated software will encounter dangerous malware more than one-third of the time. Some of that malware enables cybercriminals to gain remote access to a victim’s computer without the victim knowing about it. The malware can then record a person’s every keystroke – allowing cybercriminals to steal a victim’s personal and financial information – or remotely switch on an infected computer’s microphone and video camera, giving cybercriminals eyes and ears in board rooms and living rooms.
Beyond an in-depth examination of malware found on pirated software, IDC surveyed 2,077 consumers and 258 CIOs/IT across 10 countries, and found that a whopping 64 percent of those surveyed said they knew people who had used counterfeit software and experienced security problems with it.
And the wasted hours and money spent cleaning up this dangerous and awful mess? The IDC found that consumers worldwide will spend $22 billion and 1.5 billion hours dealing with issues related to malware from pirated software in 2013; enterprises will spend $114 billion, or 8 percent of all IT labor costs.
The IDC’s findings come on the heels of powerful research conducted by some of my Microsoft colleagues in China and Southeast Asia. Our security forensics team there just announced results from an extensive study of well-known, branded PCs, which had been loaded with pirated copies of Windows – and they found malware installed even more frequently than the IDC did. In fact, 68 percent of these PCs examined in Indonesia, Malaysia, the Philippines, Vietnam and Thailand had malware, likely shipped without operating systems and later installed by individuals in the downstream supply chain or retail channel who deal in the illegal duplication and distribution of pirated software. In a similar study in China, Microsoft investigators found a high rate too: out of 169 brand-name PCs acquired through traditional PC malls in China – all of them containing counterfeit software already installed – fully 59 percent of them contained dangerous malware.
My team of investigators, analysts and attorneys (many of them former prosecutors and law enforcement officials) has been probing the dark world of software piracy for almost 15 years, and the detailed research from the IDC and our forensic experts mirrors what we have increasingly seen: software piracy often means nasty criminal activity and danger. For example, Mexico-based La Familia Michoacana, perhaps the most violent drug cartel in the world, has been in the business of manufacturing and distributing counterfeit software for years. And now, with the rise of sophisticated cyberhacking and cybercrime techniques, counterfeit software that is loaded with infected code means the criminals can extort additional profits from the PC users themselves.
All of this this raises a simple question: in an environment where opportunistic cybercriminals are ready to take advantage of unsuspecting shoppers, what is a computer buyer to do? Microsoft reminds PC buyers to “play it safe”: ask questions, investigate packaging that doesn’t look quite right, watch for “too good to be true” prices, and always demand genuine software when purchasing a computer. Visit www.howtotell.com to learn more about how to avoid purchasing fake software.
If you do become a victim of piracy, the risks of infection are too great – as the IDC and forensic studies underscore – for you to stand idly by. Go back and complain to the dealer who sold you the PC loaded with the counterfeit. And be sure to report it. More than 450,000 people have done so over the past eight years, letting us know that they paid nearly full price only to receive software that severely compromised their security, didn’t work as expected or didn’t work at all. Thanks in significant part to their cooperation, we’ve been able to detect, disrupt and dismantle large counterfeit syndicates across the globe. And protect businesses and consumers like you.
* IDC White Paper, sponsored by Microsoft, The Dangerous World of Counterfeit and Pirated Software, March 2013.